Last week, there were 131 vulnerabilities disclosed in 124 WordPress Plugins and 5 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 44 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.
Table of Contents
- New Firewalls
- Total Patched & Unpatched
- Total Vulnerabilities By CVSS
- Total Vulnerabilities By CWE
- WordPress Themes Vulnerabilities Reported
- WordPress Plugins Vulnerabilities Reported
Have ServiceNow & WordPress? Purchase ServicePress Core and get ServicePress: Wordfence Security (add-on) for Free.
New Firewall Rules Deployed Last Week
The Wordfence Threat Intelligence Team reviews each vulnerability to determine impact and severity, along with assessing the likelihood of exploitation, to verify that the Wordfence Firewall provides sufficient protection.
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week:
- WAF-RULE-849 – Data redacted while we work with the vendor on a patch.
- WAF-RULE-853 – Data redacted while we work with the vendor on a patch.
Wordfence Premium, Care, and Response customers received this protection immediately, while users still running the free version of Wordfence will receive this enhanced protection after a 30 day delay.
Total Unpatched & Patched Vulnerabilities Last Week
| Patch Status | Number of Vulnerabilities |
|---|---|
| Patched | 40 |
| Unpatched | 91 |
Total Vulnerabilities by CVSS Severity Last Week
| Severity Rating | Number of Vulnerabilities |
|---|---|
| Medium Severity | 121 |
| High Severity | 8 |
| Critical Severity | 2 |
Total Vulnerabilities by CWE Type Last Week
| Vulnerability Type by CWE | Number of Vulnerabilities |
|---|---|
| Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 59 |
| Missing Authorization | 29 |
| Cross-Site Request Forgery (CSRF) | 25 |
| Unrestricted Upload of File with Dangerous Type | 5 |
| Server-Side Request Forgery (SSRF) | 4 |
| Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 3 |
| Incorrect Authorization | 2 |
| Authorization Bypass Through User-Controlled Key | 1 |
| Deserialization of Untrusted Data | 1 |
| Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) | 1 |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 1 |
Have ServiceNow & WordPress? Purchase ServicePress Core and get ServicePress: Wordfence Security (add-on) for Free.
WordPress Themes with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| Fitness Park | fitness-park |
| Hello FSE Blog | hello-fse-blog |
| HYDRO – One Page Portfolio WordPress Theme | hydro |
| OceanWP | oceanwp |
| Spark Multipurpose | spark-multipurpose |
WordPress Plugins with Reported Vulnerabilities Last Week
| Software Name | Software Slug |
|---|---|
| 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery | interactive-3d-flipbook-powered-physics-engine |
| AI Engine | ai-engine |
| Anant Addons for Elementor | anant-addons-for-elementor |
| ANON::form embedded secure form | anonform-embedded-secure-form |
| App Builder – Create Native Android & iOS Apps On The Flight | app-builder |
| ATP Call Now | atp-call-now |
| Auto Upload Images | auto-upload-images |
| Automatically Hierarchic Categories in Menu | automatically-hierarchic-categories-in-menu |
| Beaver Builder Plugin (Starter Version) | bb-plugin |
| Better Random Redirect | better-random-redirect |
| Blog2Social: Social Media Auto Post & Scheduler | blog2social |
| Bluff Post | bluff-post |
| Breeze – WordPress Cache Plugin | breeze |
| Bulk YouTube Post Creator | bulk-youtube-post-creator |
| Buying Buddy IDX CRM – Real Estate MLS Plugin | buying-buddy-idx-crm |
| Change Cart button Colors WooCommerce | wc-style |
| ClipLink | cliplink |
| Code Engine | code-engine |
| CodePen Embed Block | codepen-embed-block |
| Contact Form 7 AWeber Extension | integrate-contact-form-7-and-aweber |
| ContentStudio | contentstudio |
| Cookie-Script.com | cookie-script-com |
| Creative Contact Form | sexy-contact-form |
| CRM ERP Business Solution | freelancers & SME | for WordPress & WooCommerce | crm-erp-business-solution |
| CSV Importer Improved | csv-importer-improved |
| CSV Me | csv-me |
| Download Manager | download-manager |
| Drag and Drop Multiple File Upload for Contact Form 7 | drag-and-drop-multiple-file-upload-contact-form-7 |
| eDS Responsive Menu | eds-responsive-menu |
| Elementor Website Builder Pro | elementor-pro |
| Elementor Website Builder – More Than Just a Page Builder | elementor |
| ElementsKit Elementor Addons and Templates | elementskit-lite |
| Enhanced Blocks – Page Builder Blocks for Gutenberg | enhanced-blocks |
| Esselink.nu Settings | esselinknu-settings |
| Euro FxRef Currency Converter | euro-fxref-currency-converter |
| FastBook – Responsive Appointment Booking and Scheduling System | fastbook-responsive-appointment-booking-and-scheduling-system |
| File Manager Pro – Filester | filester |
| Firelight Lightbox | easy-fancybox |
| Football Pool | football-pool |
| FormLift for Infusionsoft Web Forms | formlift |
| FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | wp-marketing-automations |
| Fyrebox Quizzes | fyrebox-shortcode |
| Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers | rafflepress |
| GiveWP – Donation Plugin and Fundraising Platform | give |
| Guest posting / Frontend Posting / Front Editor – WP Front User Submit | front-editor |
| Gutenberg Blocks – ACF Blocks Suite | acf-blocks |
| Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons | gutenverse-news |
| Hand Talk | handtalk |
| HUSKY – Products Filter Professional for WooCommerce | woocommerce-products-filter |
| Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes | image-sizes-controller |
| Import YouTube videos as WP Posts | import-youtube-videos-as-wp-post |
| Inventory Presser – Car Dealer Listings | inventory-presser |
| IP Based Login | ip-based-login |
| Job Postings | job-postings |
| JobSearch WP Job Board | wp-jobsearch |
| JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin | jobwp |
| Kata Plus – Addons for Elementor – Widgets, Extensions and Templates | kata-plus |
| Knowledge Base – Knowledge Base Maker | knowledge-base-maker |
| Lewe ChordPress – ChordPro Text Formatter | chordpress |
| Live Sports Streamthunder | live-sports-streamthunder |
| Login & Register Customizer – Popup | Slider | Inline | WooCommerce | easy-login-woocommerce |
| Logo Manager For Samandehi | samandehi-logo-manager |
| Mailing Group Listserv | wp-mailing-group |
| Master Slider – Responsive Touch Slider | master-slider |
| Media Hygiene: Remove or Delete Unused Images and More! | media-hygiene |
| Modern Footnotes | modern-footnotes |
| Oganro Travel Portal Search Widget for HotelBeds APITUDE API | oganro-travel-portal-search-widget-for-hotelbeds-apitude-api |
| PDPA Consent for Thailand | pdpa-consent |
| Pixabay Images | pixabay-images |
| Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more | woocommerce-google-adwords-conversion-tracking-tag |
| PixelBeds Channel Manager and Hotel Booking Engine | pixelbeds-channel-manager-booking-engine |
| Poll, Survey & Quiz Maker Plugin by Opinion Stage | social-polls-by-opinionstage |
| Polls CP | cp-polls |
| Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | post-and-page-builder |
| PowerPress Podcasting plugin by Blubrry | powerpress |
| RDFa Breadcrumb | rdfa-breadcrumb |
| Real Estate Manager – Property Listing and Agent Management | real-estate-manager |
| Recipes manager – WPH | wph-recipes-manager |
| Related Products Manager for WooCommerce | related-products-manager-woocommerce |
| School Management System for WordPress | school-management |
| Scroll UP | scroll-to-up |
| Send Notifications from Woocommerce, Form Plugins and More! | notifier |
| Simple Logo Carousel | simple-logo-carousel |
| Simple Sticky Footer | simple-sticky-footer |
| Sitekit | sitekit |
| Smart Notification WordPress Plugin. Web & Mobile Push, FB Messenger, FB Notifications & Newsletter. | smio-push-notification |
| SpecFit-Virtual Try On Woocommerce | try-on-for-woocommerce |
| Spoki – Chat Buttons and WooCommerce Notifications | spoki |
| TableOn – WordPress Posts Table Filterable | posts-table-filterable |
| Target Video Easy Publish | brid-video-easy-publish |
| Tealium | tealium |
| TinyNav | tinynav |
| TM Replace Howdy | tm-replace-howdy |
| Ultra Addons for Contact Form 7 | ultimate-addons-for-contact-form-7 |
| UpStream: a Project Management Plugin for WordPress | upstream |
| User Roles and Capabilities | user-roles-and-capabilities |
| Video List Manager | video-list-manager |
| Virtual Moderator | virtual-moderator |
| Wise Chat | wise-chat |
| WooCommerce Fortnox Integration | woocommerce-fortnox-integration |
| Woocommerce Line Notify | woo-line-notify |
| WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily | innovs-woo-manager |
| WordPress Infinite Scroll – Ajax Load More | ajax-load-more |
| WP Customer Area | customer-area |
| WP Dummy Content Generator | wp-dummy-content-generator |
| WP Inventory Manager | wp-inventory-manager |
| WP Register Profile With Shortcode | wp-register-profile-with-shortcode |
| WP Roadmap – Product Feedback Board | wp-roadmap |
| WP Social AutoConnect | wp-fb-autoconnect |
| WP User Profile Avatar | wp-user-profile-avatar |
| WP User Stylesheet Switcher | wp-user-stylesheet-switcher |
| WP Visitor Statistics (Real Time Traffic) | wp-stats-manager |
| WP Voting Contest Lite | wp-voting-contest |
| WP Zoho for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms – CRM, Bigin | cf7-zoho |
| WP-DownloadCounter | wp-downloadcounter |
| WP-Members Membership Plugin | wp-members |
| WP-Recall – Registration, Profile, Commerce & More | wp-recall |
| WPBakery Page Builder for WordPress | js_composer |
| WPComplete | wpcomplete |
| WPThumb | wp-thumb |
| XML Travel Portal Widget | oganro-reservation-widget |
| YITH PayPal Express Checkout for WooCommerce | yith-paypal-express-checkout-for-woocommerce |
| Zapier for WordPress | zapier |
| Zara 4 Image Compression | zara-4 |
Have ServiceNow & WordPress? Purchase ServicePress Core and get ServicePress: Wordfence Security (add-on) for Free.